From 1f1d15b1cc3917508e2dd824cd978ff4f9ef0505 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 13 Sep 2023 11:06:05 +0200 Subject: [PATCH 01/15] feat: add nix flake with docker image derivation --- .gitignore | 1 + flake.lock | 42 ++++++++++++++++ flake.nix | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 180 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/.gitignore b/.gitignore index 9f11b75..690d363 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .idea/ +/result diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..7255aa1 --- /dev/null +++ b/flake.lock @@ -0,0 +1,42 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1693428224, + "narHash": "sha256-FWUUlhYqkGEySUD0blTADRiDQ7fw+H1ikivfu88uy+w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "841889913dfd06a70ffb39f603e29e46f45f0c1a", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs", + "systems": "systems" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..ecd0b1f --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,137 @@ +{ + inputs = { + nixpkgs.url = "nixpkgs/nixos-23.05"; + systems.url = "github:nix-systems/default"; + }; + + outputs = { self, nixpkgs, systems }: + let + lib = nixpkgs.lib; + eachSystem = lib.genAttrs (import systems); + pkgsFor = eachSystem (system: nixpkgs.legacyPackages.${system}); + in { + packages = eachSystem (system: + let + pkgs = pkgsFor.${system}; + init = pkgs.writeText "entrypoint.sh" '' + #!${pkgs.bash}/bin/bash + mkdir -pm1777 /tmp + nginx -e /dev/null -c ${nginxConf} & + php-fpm -Fy ${phpFpmConf} -c ${phpIni} & + wait -n + echo $? + ''; + phpFpmConf = pkgs.writeText "php-fpm.conf" '' + [global] + error_log = /dev/stdout + log_limit = 8192 + [www] + access.log = /dev/stdout + access.format = "[php-fpm:access] %R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + clear_env = no + catch_workers_output = yes + decorate_workers_output = no + user = nobody + group = nobody + listen = 127.0.0.1:9000 + pm = dynamic + pm.max_children = 20 + pm.max_requests = 1000 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 3 + ''; + phpIni = pkgs.writeText "php.ini" '' + display_errors = Off + log_errors = On + short_open_tag = Off + variables_order = 'GPCS' + request_order = 'GP' + memory_limit = 512M + max_execution_time = 300 + max_input_time = 300 + post_max_size = 50M + upload_max_size = 50M + max_input_vars = 5000 + expose_php = Off + date.timezone = UTC + opcache.memory_consumption = 512 + opcache.interned_strings_buffer = 64 + opcache.max_accelerated_files = 32531 + opcache.fast_shutdown = Off + ''; + nginxConf = pkgs.writeText "nginx.conf" '' + user nobody nobody; + worker_processes 1; + daemon off; + error_log /dev/stdout info; + pid /dev/null; + events { + worker_connections 1024; + } + http { + access_log /dev/stdout; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + include ${pkgs.nginx}/conf/mime.types; + default_type application/octet-stream; + upstream php { + server 
127.0.0.0:9000; + } + server { + listen 80; + index index.php; + client_max_body_size 50m; + root /app/public; + location / { + try_files $uri $uri/ /index.php?$query_string; + } + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass php; + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_read_timeout 600; + } + } + } + ''; + php = pkgs.php82.withExtensions ({ enabled, all }: with all; enabled ++ [ + rdkafka + ]); + in { + default = pkgs.dockerTools.buildImage { + name = "laravel-base-image"; + tag = "local"; + copyToRoot = pkgs.buildEnv { + name = "laravel-base"; + paths = with pkgs; [ + busybox + nginx + php + php.packages.composer + ] ++ (with dockerTools; [ + binSh + usrBinEnv + caCertificates + fakeNss + ]); + pathsToLink = [ + "/bin" + "/usr/bin" + "/usr/share" + "/etc" + ]; + }; + config = { + Cmd = [ "${pkgs.bash}/bin/bash" init ]; + Env = [ + "PHPRC=${phpIni}" + ]; + }; + }; + }); + }; +} From 236d9c5cf5c06db3cf3acc874abe430c07667886 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 13 Sep 2023 11:22:40 +0200 Subject: [PATCH 02/15] chore: remove old dockerfiles --- laravel-nginx.Dockerfile | 27 --------------- laravel-swoole.Dockerfile | 73 --------------------------------------- 2 files changed, 100 deletions(-) delete mode 100644 laravel-nginx.Dockerfile delete mode 100644 laravel-swoole.Dockerfile diff --git a/laravel-nginx.Dockerfile b/laravel-nginx.Dockerfile deleted file mode 100644 index 99b5827..0000000 --- a/laravel-nginx.Dockerfile +++ /dev/null 
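Review bot: The `location ~ \.php$` block in nginxConf passes every URI ending in .php to PHP-FPM without first checking that the file exists under /app/public, so the file that finally runs is decided by PHP rather than by nginx. Whether that can reach a non-script file depends on `cgi.fix_pathinfo` and php-fpm's `security.limit_extensions`, neither of which this commit sets, so I would add `try_files $uri =404;` as the first line of that location. `fastcgi_split_path_info` in the same block appears to have no effect, because the location regex only matches URIs that end in .php and no PATH_INFO parameter is set in the visible config.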
@@ -1,27 +0,0 @@
-FROM webdevops/php-nginx:8.2-alpine
-
-ENV WEB_DOCUMENT_ROOT=/app/public
-ENV php.opcache.enable=1
-ENV php.opcache.memory_consumption=512
-ENV php.opcache.interned_strings_buffer=64
-ENV php.opcache.max_accelerated_files=32531
-ENV php.opcache.fast_shutdown=0
-ENV FPM_PM_MAX_CHILDREN=20
-ENV FPM_MAX_REQUESTS=1000
-
-RUN apk --update --no-cache add \
- gcompat \
- libstdc++ \
- curl \
- autoconf \
- gcc \
- g++ \
- make \
- librdkafka-dev \
- less
-
-RUN pecl install rdkafka && docker-php-ext-enable rdkafka
-RUN rm -rf /tmp/pear
-
-WORKDIR /app
-USER 1000
diff --git a/laravel-swoole.Dockerfile b/laravel-swoole.Dockerfile deleted file mode 100644
index 86e07f5..0000000
--- a/laravel-swoole.Dockerfile
+++ /dev/null
@@ -1,73 +0,0 @@ -FROM composer:2.4.4 AS composer - -FROM phpswoole/swoole:5.0-php8.1-alpine - -RUN apk --update --no-cache add \ - gcompat \ - libstdc++ \ - git \ - wget \ - curl \ - build-base \ - nodejs \ - npm \ - libmcrypt-dev \ - libxml2-dev \ - pcre-dev \ - zlib-dev \ - autoconf \ - oniguruma-dev \ - openssl \ - openssl-dev \ - freetype-dev \ - libjpeg-turbo-dev \ - jpeg-dev \ - libpng-dev \ - imagemagick-dev \ - imagemagick \ - postgresql-dev \ - libzip-dev \ - gettext-dev \ - libxslt-dev \ - libgcrypt-dev \ - librdkafka-dev \ - less - -RUN pecl channel-update pecl.php.net && \ - pecl install mcrypt && \ - pecl install xdebug && \ - pecl install rdkafka && \ - pecl install redis && \ - docker-php-ext-install \ - mysqli \ - mbstring \ - pdo \ - pdo_mysql \ - tokenizer \ - xml \ - pcntl \ - bcmath \ - pdo_pgsql \ - zip \ - intl \ - gettext \ - soap \ - sockets \ - xsl && \ - docker-php-ext-configure gd --with-freetype=/usr/lib/ --with-jpeg=/usr/lib/ && \ - docker-php-ext-install gd && \ - docker-php-ext-enable xdebug && \ - docker-php-ext-enable rdkafka && \ - docker-php-ext-enable redis && \ - rm -rf /tmp/pear && \ - rm /var/cache/apk/* - -COPY --from=composer /usr/bin/composer /usr/bin/composer - -RUN adduser --shell /bin/sh --disabled-password --uid 1000 application -RUN mkdir /app && chown 1000:1000 -R /app - -WORKDIR /app -USER 1000 - -EXPOSE 8000 From 625bbb8a97e6e82f1bcf89502bcfc819b7914001 Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 15 Sep 2023 08:54:55 +0200 Subject: [PATCH 03/15] fix: php upstream address --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index ecd0b1f..3857b18 100644 --- a/flake.nix +++ b/flake.nix @@ -78,7 +78,7 @@ include ${pkgs.nginx}/conf/mime.types; default_type application/octet-stream; upstream php { - server 127.0.0.0:9000; + server 127.0.0.1:9000; } server { listen 80; From 67f042c2bfbcd183e2a56cb1a367fbfd041b0827 Mon Sep 17 00:00:00 2001 
From: Chris Date: Fri, 15 Sep 2023 08:57:38 +0200 Subject: [PATCH 04/15] feat: allow adding scripts to run at container start --- flake.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 3857b18..7b6c683 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,7 @@ pkgs = pkgsFor.${system}; init = pkgs.writeText "entrypoint.sh" '' #!${pkgs.bash}/bin/bash - mkdir -pm1777 /tmp + find /entrypoint.d -type f -executable -print0 | xargs -0I{} {} nginx -e /dev/null -c ${nginxConf} & php-fpm -Fy ${phpFpmConf} -c ${phpIni} & wait -n @@ -125,6 +125,11 @@ "/etc" ]; }; + runAsRoot = '' + #!/usr/bin/env bash + mkdir -pm1777 /tmp + mkdir -p /entrypoint.d + ''; config = { Cmd = [ "${pkgs.bash}/bin/bash" init ]; Env = [ From b3aa6c704f0ab2ca8205f89cd98e139fa12494d4 Mon Sep 17 00:00:00 2001 From: Chris Date: Fri, 15 Sep 2023 14:11:54 +0200 Subject: [PATCH 05/15] fix: error logging --- flake.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 7b6c683..766f14b 100644 --- a/flake.nix +++ b/flake.nix @@ -23,10 +23,10 @@ ''; phpFpmConf = pkgs.writeText "php-fpm.conf" '' [global] - error_log = /dev/stdout + error_log = /dev/stderr log_limit = 8192 [www] - access.log = /dev/stdout + access.log = /dev/stderr access.format = "[php-fpm:access] %R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" clear_env = no catch_workers_output = yes @@ -42,8 +42,9 @@ pm.max_spare_servers = 3 ''; phpIni = pkgs.writeText "php.ini" '' - display_errors = Off + display_errors = On log_errors = On + error_log = /dev/stderr short_open_tag = Off variables_order = 'GPCS' request_order = 'GP' From 898ae0c0ac6b91836d9800ba3187146af6da51b9 Mon Sep 17 00:00:00 2001 
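Review bot: The new `find /entrypoint.d -type f -executable -print0 | xargs -0I{} {}` line runs the hook scripts in whatever order find returns them and ignores their exit status, so nginx and php-fpm start even when a hook has failed. Sorting and failing closed would make start-up predictable: `find /entrypoint.d -type f -executable -print0 | sort -z | xargs -0I{} {} || exit 1`. The hooks run with the container's start user, which looks to be root since the visible `config` sets no `User`, so a comment stating that /entrypoint.d must hold only image-owned, non-writable scripts would help. The entrypoint string continues past the end of this hunk.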
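Review bot: Switching `display_errors` to `On` in phpIni puts PHP warnings and fatal errors, with file paths and message details, into the HTTP responses of every image built from this base. The same hunk adds `error_log = /dev/stderr` next to `log_errors = On`, which already delivers errors to the container log, so the line can stay `display_errors = Off`. If on-page errors are wanted during development, a comment saying so would make clear that this is not meant as a production default. The php.ini string continues past the end of this hunk.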
From: Chris Date: Wed, 20 Sep 2023 04:31:54 +0200 Subject: [PATCH 06/15] refactor: split things up and make php extensions more easily overridable --- config/entrypoint-sh.nix | 13 ++++ config/nginx-conf.nix | 40 ++++++++++++ config/php-fpm-conf.nix | 20 ++++++ config/php-ini.nix | 20 ++++++ flake.nix | 128 +-------------------------------------- image.nix | 52 ++++++++++++++++ 6 files changed, 147 insertions(+), 126 deletions(-) create mode 100644 config/entrypoint-sh.nix create mode 100644 config/nginx-conf.nix create mode 100644 config/php-fpm-conf.nix create mode 100644 config/php-ini.nix create mode 100644 image.nix diff --git a/config/entrypoint-sh.nix b/config/entrypoint-sh.nix new file mode 100644 index 0000000..e423830 --- /dev/null +++ b/config/entrypoint-sh.nix @@ -0,0 +1,13 @@ +{ writeText +, busybox +, nginxConf +, phpFpmConf +, phpIni +}: writeText "entrypoint.sh" '' + #!${busybox}/bin/sh + find /entrypoint.d -type f -executable -print0 | xargs -0I{} {} + nginx -e /dev/null -c ${nginxConf} & + php-fpm -Fy ${phpFpmConf} -c ${phpIni} & + wait -n + echo $? +'' diff --git a/config/nginx-conf.nix b/config/nginx-conf.nix new file mode 100644 index 0000000..65f9ea9 --- /dev/null +++ b/config/nginx-conf.nix 
@@ -0,0 +1,40 @@
+{ nginx
+, writeText
+}: writeText "nginx.conf" ''
+ user nobody nobody;
+ worker_processes 1;
+ daemon off;
+ error_log /dev/stdout info;
+ pid /dev/null;
+ events {
+ worker_connections 1024;
+ }
+ http {
+ access_log /dev/stdout;
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ include ${nginx}/conf/mime.types;
+ default_type application/octet-stream;
+ upstream php {
+ server 127.0.0.1:9000;
+ }
+ server {
+ listen 80;
+ index index.php;
+ client_max_body_size 50m;
+ root /app/public;
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass php;
+ include ${nginx}/conf/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $request_filename;
+ fastcgi_read_timeout 600;
+ }
+ }
+ }
+''
diff --git a/config/php-fpm-conf.nix b/config/php-fpm-conf.nix new file mode 100644
index 0000000..9f1b125
--- /dev/null
+++ b/config/php-fpm-conf.nix
@@ -0,0 +1,20 @@
+{ writeText }: writeText "php-fpm.conf" ''
+ [global]
+ error_log = /dev/stderr
+ log_limit = 8192
+ [www]
+ access.log = /dev/stderr
+ access.format = "[php-fpm:access] %R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+ clear_env = no
+ catch_workers_output = yes
+ decorate_workers_output = no
+ user = nobody
+ group = nobody
+ listen = 127.0.0.1:9000
+ pm = dynamic
+ pm.max_children = 20
+ pm.max_requests = 1000
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+''
diff --git a/config/php-ini.nix b/config/php-ini.nix new file mode 100644
index 0000000..1a6f059
--- /dev/null
+++ b/config/php-ini.nix
@@ -0,0 +1,20 @@
+{ writeText }: writeText "php.ini" ''
+ display_errors = On
+ log_errors = On
+ error_log = /dev/stderr
+ short_open_tag = Off
+ variables_order = 'GPCS'
+ request_order = 'GP'
+ memory_limit = 512M
+ max_execution_time = 300
+ max_input_time = 300
+ post_max_size = 50M
+ upload_max_size = 50M
+ max_input_vars = 5000
+ expose_php = Off
+ date.timezone = UTC
+ opcache.memory_consumption = 512
+ opcache.interned_strings_buffer = 64
+ opcache.max_accelerated_files = 32531
+ opcache.fast_shutdown = Off
+''
diff --git a/flake.nix b/flake.nix
index 766f14b..9d665e4 100644
--- a/flake.nix
+++ b/flake.nix
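Review bot: `upload_max_size = 50M` in the new php-ini.nix is not a PHP directive, so PHP ignores it and the per-file upload limit stays at the built-in default of `upload_max_filesize` (2M) while `post_max_size` and nginx's `client_max_body_size` allow 50 MB. The line should read `upload_max_filesize = 50M`. The same line was carried over unchanged from the flake.nix added in patch 01. `opcache.fast_shutdown` was removed in PHP 7.2 and can be dropped for the PHP 8.2 this image ships.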
@@ -10,134 +10,10 @@ eachSystem = lib.genAttrs (import systems); pkgsFor = eachSystem (system: nixpkgs.legacyPackages.${system}); in { - packages = eachSystem (system: - let + packages = eachSystem (system: let pkgs = pkgsFor.${system}; - init = pkgs.writeText "entrypoint.sh" '' - #!${pkgs.bash}/bin/bash - find /entrypoint.d -type f -executable -print0 | xargs -0I{} {} - nginx -e /dev/null -c ${nginxConf} & - php-fpm -Fy ${phpFpmConf} -c ${phpIni} & - wait -n - echo $? - ''; - phpFpmConf = pkgs.writeText "php-fpm.conf" '' - [global] - error_log = /dev/stderr - log_limit = 8192 - [www] - access.log = /dev/stderr - access.format = "[php-fpm:access] %R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - clear_env = no - catch_workers_output = yes - decorate_workers_output = no - user = nobody - group = nobody - listen = 127.0.0.1:9000 - pm = dynamic - pm.max_children = 20 - pm.max_requests = 1000 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 3 - ''; - phpIni = pkgs.writeText "php.ini" '' - display_errors = On - log_errors = On - error_log = /dev/stderr - short_open_tag = Off - variables_order = 'GPCS' - request_order = 'GP' - memory_limit = 512M - max_execution_time = 300 - max_input_time = 300 - post_max_size = 50M - upload_max_size = 50M - max_input_vars = 5000 - expose_php = Off - date.timezone = UTC - opcache.memory_consumption = 512 - opcache.interned_strings_buffer = 64 - opcache.max_accelerated_files = 32531 - opcache.fast_shutdown = Off - ''; - nginxConf = pkgs.writeText "nginx.conf" '' - user nobody nobody; - worker_processes 1; - daemon off; - error_log /dev/stdout info; - pid /dev/null; - events { - worker_connections 1024; - } - http { - access_log /dev/stdout; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - include ${pkgs.nginx}/conf/mime.types; - default_type application/octet-stream; - upstream php { - server 127.0.0.1:9000; - } - server { - listen 80; - index index.php; - client_max_body_size 
50m; - root /app/public; - location / { - try_files $uri $uri/ /index.php?$query_string; - } - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_read_timeout 600; - } - } - } - ''; - php = pkgs.php82.withExtensions ({ enabled, all }: with all; enabled ++ [ - rdkafka - ]); in { - default = pkgs.dockerTools.buildImage { - name = "laravel-base-image"; - tag = "local"; - copyToRoot = pkgs.buildEnv { - name = "laravel-base"; - paths = with pkgs; [ - busybox - nginx - php - php.packages.composer - ] ++ (with dockerTools; [ - binSh - usrBinEnv - caCertificates - fakeNss - ]); - pathsToLink = [ - "/bin" - "/usr/bin" - "/usr/share" - "/etc" - ]; - }; - runAsRoot = '' - #!/usr/bin/env bash - mkdir -pm1777 /tmp - mkdir -p /entrypoint.d - ''; - config = { - Cmd = [ "${pkgs.bash}/bin/bash" init ]; - Env = [ - "PHPRC=${phpIni}" - ]; - }; - }; + default = pkgs.callPackage ./image.nix {}; }); }; } diff --git a/image.nix b/image.nix new file mode 100644 index 0000000..50b2d88 --- /dev/null +++ b/image.nix 
@@ -0,0 +1,52 @@ +{ lib +, pkgs +, nginx +, php82 +, busybox +, buildEnv +, runCommand +, dockerTools +, extraPhpExtensions ? ({enabled, all}: enabled) +}: let + callPackage = lib.callPackageWith (pkgs // config); + config = { + entrypointSh = callPackage ./config/entrypoint-sh.nix {}; + phpFpmConf = callPackage ./config/php-fpm-conf.nix {}; + phpIni = callPackage ./config/php-ini.nix {}; + nginxConf = callPackage ./config/nginx-conf.nix {}; + }; + php = php82.withExtensions extraPhpExtensions; + bin = buildEnv { + name = "bin"; + paths = [ + busybox + nginx + php + php.packages.composer + ]; + pathsToLink = [ "/bin" ]; + }; + extraDirs = runCommand "extra-dirs" {} '' + mkdir -pm1777 $out/tmp + mkdir -p $out/entrypoint.d + ''; +in dockerTools.buildImage { + name = "laravel-base-image"; + tag = "local"; + copyToRoot = buildEnv { + name = "laravel-base"; + paths = with dockerTools; [ + bin + extraDirs + usrBinEnv + caCertificates + fakeNss + ]; + }; + config = { + Cmd = [ "${busybox}/bin/sh" config.entrypointSh ]; + Env = [ + "PHPRC=${config.phpIni}" + ]; + }; +} From d7f2b2f3dfd66e5c7534df32453629be8bb3d726 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 20 Sep 2023 04:44:56 +0200 Subject: [PATCH 07/15] fix: use bash for entrypoint as it contains bashisms --- config/entrypoint-sh.nix | 3 ++- image.nix | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/config/entrypoint-sh.nix b/config/entrypoint-sh.nix index e423830..92f76d3 100644 --- a/config/entrypoint-sh.nix +++ b/config/entrypoint-sh.nix @@ -1,10 +1,11 @@ { writeText +, bash , busybox , nginxConf , phpFpmConf , phpIni }: writeText "entrypoint.sh" '' - #!${busybox}/bin/sh + #!${bash}/bin/bash find /entrypoint.d -type f -executable -print0 | xargs -0I{} {} nginx -e /dev/null -c ${nginxConf} & php-fpm -Fy ${phpFpmConf} -c ${phpIni} & diff --git a/image.nix b/image.nix index 50b2d88..bc7ae99 100644 --- a/image.nix +++ b/image.nix 
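Review bot: The `config` attribute set passed to `dockerTools.buildImage` sets `Cmd` and `Env` but no `User`, so the entrypoint and the nginx and php-fpm master processes start as root; only the workers drop to `nobody` through the two generated config files. The Dockerfiles removed in patch 02 both ended with `USER 1000`, so this changes the image's default privilege level without the commit saying so. If root is needed only to bind port 80, listening on an unprivileged port and adding `User = "nobody";` would restore the earlier posture, provided the directories the services write to are made writable for that user. Otherwise a comment above `config` explaining why root is required would be enough.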
@@ -3,6 +3,7 @@ , nginx , php82 , busybox +, bash , buildEnv , runCommand , dockerTools @@ -44,7 +45,7 @@ in dockerTools.buildImage { ]; }; config = { - Cmd = [ "${busybox}/bin/sh" config.entrypointSh ]; + Cmd = [ "${bash}/bin/bash" config.entrypointSh ]; Env = [ "PHPRC=${config.phpIni}" ]; From 59071577a24b9dc0ed46dbe293941c6c280ca55b Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 20 Sep 2023 05:01:44 +0200 Subject: [PATCH 08/15] fix: create additional dirs in runasroot since permissions for /tmp aren't retained otherwise --- image.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/image.nix b/image.nix index bc7ae99..40446ad 100644 --- a/image.nix +++ b/image.nix @@ -27,10 +27,6 @@ ]; pathsToLink = [ "/bin" ]; }; - extraDirs = runCommand "extra-dirs" {} '' - mkdir -pm1777 $out/tmp - mkdir -p $out/entrypoint.d - ''; in dockerTools.buildImage { name = "laravel-base-image"; tag = "local"; @@ -38,12 +34,16 @@ in dockerTools.buildImage { name = "laravel-base"; paths = with dockerTools; [ bin - extraDirs usrBinEnv caCertificates fakeNss ]; }; + runAsRoot = '' + #!${bash}/bin/bash + mkdir -pm1777 /tmp + mkdir -p /entrypoint.d + ''; config = { Cmd = [ "${bash}/bin/bash" config.entrypointSh ]; Env = [ From 76c1acbb61efc906f00b8482b67ec5302cc1020f Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 20 Sep 2023 06:08:38 +0200 Subject: [PATCH 09/15] fix: include bash in /bin so scripts can use it --- image.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/image.nix b/image.nix index 40446ad..5019ec9 100644 --- a/image.nix +++ b/image.nix @@ -1,5 +1,6 @@ { lib , pkgs +, hiPrio , nginx , php82 , busybox @@ -20,7 +21,8 @@ bin = buildEnv { name = "bin"; paths = [ - busybox + (hiPrio busybox) + bash nginx php php.packages.composer From be19339bf6beda4eea4ad06c7883e4e105fd7937 Mon Sep 17 00:00:00 2001 
From: Chris Date: Wed, 20 Sep 2023 06:30:42 +0200 Subject: [PATCH 10/15] fix: create cache dir so nginx can use it --- image.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image.nix b/image.nix index 5019ec9..853af76 100644 --- a/image.nix +++ b/image.nix @@ -44,7 +44,7 @@ in dockerTools.buildImage { runAsRoot = '' #!${bash}/bin/bash mkdir -pm1777 /tmp - mkdir -p /entrypoint.d + mkdir -p /entrypoint.d /var/cache ''; config = { Cmd = [ "${bash}/bin/bash" config.entrypointSh ]; From 878ddc591e262781ce1627069197687d796256da Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 20 Sep 2023 06:43:05 +0200 Subject: [PATCH 11/15] fix: create cache dir for nginx --- image.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image.nix b/image.nix index 853af76..c5b8ccf 100644 --- a/image.nix +++ b/image.nix @@ -44,7 +44,7 @@ in dockerTools.buildImage { runAsRoot = '' #!${bash}/bin/bash mkdir -pm1777 /tmp - mkdir -p /entrypoint.d /var/cache + mkdir -p /entrypoint.d /var/cache/nginx ''; config = { Cmd = [ "${bash}/bin/bash" config.entrypointSh ]; From 7c6979a0edf3f1dd6dcf91bdce5e37cd5ffd8d10 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 20 Sep 2023 08:49:57 +0200 Subject: [PATCH 12/15] feat: set and create working directory --- image.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/image.nix b/image.nix index c5b8ccf..09d0870 100644 --- a/image.nix +++ b/image.nix @@ -44,10 +44,11 @@ in dockerTools.buildImage { runAsRoot = '' #!${bash}/bin/bash mkdir -pm1777 /tmp - mkdir -p /entrypoint.d /var/cache/nginx + mkdir -p /entrypoint.d /var/cache/nginx /app ''; config = { Cmd = [ "${bash}/bin/bash" config.entrypointSh ]; + WorkingDir = "/app"; Env = [ "PHPRC=${config.phpIni}" ]; From 9cbd2fa1b207bdd987dd4ba461f7b92b4c82ca5a Mon Sep 17 00:00:00 2001 
From: Chris Date: Wed, 20 Sep 2023 09:34:54 +0200 Subject: [PATCH 13/15] feat: add some more overridable parameters to match what's provided by other base images --- image.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/image.nix b/image.nix index 09d0870..ef44a03 100644 --- a/image.nix +++ b/image.nix @@ -8,6 +8,10 @@ , buildEnv , runCommand , dockerTools +, imageName ? "laravel-base-image" +, imageTag ? "local" +, extraEnv ? [] +, extraPkgs ? [] , extraPhpExtensions ? ({enabled, all}: enabled) }: let callPackage = lib.callPackageWith (pkgs // config); @@ -26,12 +30,12 @@ nginx php php.packages.composer - ]; + ] ++ extraPkgs; pathsToLink = [ "/bin" ]; }; in dockerTools.buildImage { - name = "laravel-base-image"; - tag = "local"; + name = imageName; + tag = imageTag; copyToRoot = buildEnv { name = "laravel-base"; paths = with dockerTools; [ @@ -51,6 +55,6 @@ in dockerTools.buildImage { WorkingDir = "/app"; Env = [ "PHPRC=${config.phpIni}" - ]; + ] ++ extraEnv; }; } From 9e74e662cb3f60fb62938037b7cb6d667894647b Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 21 Sep 2023 14:32:39 +0200 Subject: [PATCH 14/15] feat: make php more easily overridable and provide packages for relevant php versions --- flake.nix | 5 +++++ image.nix | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 9d665e4..d322542 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,11 @@ pkgs = pkgsFor.${system}; in { default = pkgs.callPackage ./image.nix {}; + php74 = pkgs.callPackage ./image.nix { php = pkgs.php74; }; + php80 = pkgs.callPackage ./image.nix { php = pkgs.php80; }; + php81 = pkgs.callPackage ./image.nix { php = pkgs.php81; }; + php82 = pkgs.callPackage ./image.nix { php = pkgs.php82; }; + php83 = pkgs.callPackage ./image.nix { php = pkgs.php83; }; }); }; } diff --git a/image.nix b/image.nix index ef44a03..f51e44f 100644 --- a/image.nix +++ b/image.nix 
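Review bot: The added `php74` output builds a base image on PHP 7.4, which is past upstream end of life and no longer receives security fixes, and `php80` is at the end of its security-support window. It is also worth confirming with `nix flake check` that `pkgs.php74` and `pkgs.php83` exist in the nixos-23.05 revision pinned in flake.lock, since a missing attribute only surfaces when that output is evaluated. I would drop the end-of-life outputs or mark them, e.g. `# EOL upstream, no security fixes: legacy apps only`. The `packages` attribute set starts outside this hunk.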
@@ -2,7 +2,7 @@ , pkgs , hiPrio , nginx -, php82 +, php , busybox , bash , buildEnv @@ -21,15 +21,15 @@ phpIni = callPackage ./config/php-ini.nix {}; nginxConf = callPackage ./config/nginx-conf.nix {}; }; - php = php82.withExtensions extraPhpExtensions; + phpWithExtensions = php.withExtensions extraPhpExtensions; bin = buildEnv { name = "bin"; paths = [ (hiPrio busybox) bash nginx - php - php.packages.composer + phpWithExtensions + phpWithExtensions.packages.composer ] ++ extraPkgs; pathsToLink = [ "/bin" ]; }; From c4baa0bc73e810c49c8fe66eb43bd4cdc8e27d2b Mon Sep 17 00:00:00 2001 From: Chris Date: Thu, 21 Sep 2023 14:34:11 +0200 Subject: [PATCH 15/15] ci: remove build job as it's no longer needed --- .github/workflows/build-push.yaml | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 .github/workflows/build-push.yaml diff --git a/.github/workflows/build-push.yaml b/.github/workflows/build-push.yaml deleted file mode 100644 index a375722..0000000 --- a/.github/workflows/build-push.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Build and Push Container Image -on: - push: - tags: - - 'v*.*.*' -jobs: - build-push: - name: Build and Push Container Image - runs-on: ubuntu-latest - continue-on-error: true - strategy: - fail-fast: false - matrix: - images: - - name: laravel-nginx - file: laravel-nginx.Dockerfile - - name: laravel-swoole - file: laravel-swoole.Dockerfile - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Build and Push - uses: stafftastic/docker-build-push-action@main - with: - name: ${{matrix.images.name}} - file: ${{matrix.images.file}} - project: stafftastic - repository: base-images - serviceAccountKey: ${{secrets.GOOGLE_ARTIFACT_REGISTRY_SA_KEY}}